search cancel

Powershell command to get information about Active Directory domain users and their properties.

book

Article ID: 174027

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Prevent for Microsoft Office 365 Endpoint Encryption

Issue/Introduction

View an AD user's attributes during troubleshooting.

Permission Denied or doesn't have access to AD

Cause

Normal Domain users don't have Full access to AD due to security reasons.

Environment

OS: 2008, 2008R2, 2012, 2012R2, 2016, windows 10, etc.

Psversion: 4.0

Pscomaptible versions: {1.0, 2.0, 3.0, 4.0}

Resolution

From Windows 10 or Windows 7, in order to use the Get-AdUser cmdlet, install the appropriate version of RSAT and enable the Active Directory Module for Windows PowerShell component from Control Panel (Programs > Turn Windows features on or off > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools).

Steps:

1. Launch Powershell ISE as an administrator.

2. Type Get-aduser "user1" -Properties *

(This command returns a full list of AD attributes and their values associated with the user account)

3. To see the properties PasswordExpired, PasswordLastSet, or PasswordNeverExpires, open the formatting of Get-ADUser output and allow the necessary fields to be displayed:

Get-aduser "user1" -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires

Additional Information

180156 - How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for Encryption Management Server

Attachments